Top 8 Network Detection and Response (NDR)

DarktraceCynetVectra AICisco Secure Network AnalyticsExtraHop Reveal(x)Arista NDRNetWitness XDRBlue Hexagon
  1. leader badge
    I find the complete portfolio to be excellent.We liked their approach to identifying intrusions or network anomalies using AI.
  2. A reliable security system that automatically quarantines anything suspicious.A good feature is how the solution packages varied information into a single dashboard that's readable and meets our needs.
  3. Buyer's Guide
    Network Detection and Response (NDR)
    January 2023
    Find out what your peers are saying about Darktrace, Cynet, Vectra AI and others in Network Detection and Response (NDR). Updated: January 2023.
    670,400 professionals have used our research since 2012.
  4. What I like best about Vectra AI is that it alerts you about suspicious activities.The most useful feature is the anomaly detection because it's not signature-based. It picks up the initial part of any attack, like the recon and those aspects of the kill chain, very well.
  5. If you are using Darktrace or NAC solutions you can integrate Stealthwatch.StealthWatch lets me see the ports running in and out and the country. It has excellent reporting, telemetry, and artificial intelligence features. With the telemetry, I can set thresholds to detect sudden changes and the alarms go through the PLC parts. I can see all the ports running on that trunk.
  6. The most valuable features of ExtraHop Reveal(x) are the detection and alerting of network behavior and anomalies.When there are performance issues with an HTTP app, ExtraHop enables us to identify the causes within a few minutes. We can see what transactions are being impacted by something that may be happening within the server environment.
  7. When I create a workbench query in Awake to do threat hunting, it's much easier to query. You get a dictionary popup immediately when you try to type a new query. It says, "You want to search for a device?" Then you type in "D-E," and it gives you a list of commands, like device, data set behavior, etc. That gives you the ability to build your own query.
  8. report
    Use our free recommendation engine to learn which Network Detection and Response (NDR) solutions are best for your needs.
    670,400 professionals have used our research since 2012.
  9. Technical support is knowledgeable. It's a scalable solution. We have around five to eight customers using RSA NetWitness Endpoint, and we hope to increase the number of users.
  10. They can provide you very contextual alerts on if something bad is happening—coming into your network or going out of your network. As part of that, they gather a lot of threat intelligence and map your connections against that. The larger benefit is that they give you a risk rating on their findings.

Advice From The Community

Read answers to top Network Detection and Response (NDR) questions. 670,400 professionals have gotten help from our community of experts.
Giusel - PeerSpot reviewer
IT Engineer at UTMStack

Hi community,

I'm working on a document about the Security Operation Center best practices, and I would like to get your inputs about it.


Robert Cheruiyot - PeerSpot reviewer
Robert CheruiyotHi Giusel, From my little experience, it's always good to have a good working… more »
4 Answers
Rony_Sklar - PeerSpot reviewer
Community Manager at a tech services company with 51-200 employees
Hello community,  What are the differences between how NDR and SIEM work?  What are the pros and cons of each? Is it necessary to have both types of tools?
Read More »
DK Shrivastava - PeerSpot reviewer
DK ShrivastavaNDR is just analysis of network behaviour and forms a part of SIEM strategy. it… more »
7 Answers

Network Detection and Response (NDR) Articles

Netanya Carmi - PeerSpot reviewer
Netanya Carmi
Content Manager at PeerSpot (formerly IT Central Station)
Jan 24 2023
For most companies, whether they are large or small organizations, cyber threats and hacker attacks are a major concern and an ongoing challenge. Since cybersecurity is a critical part of any enterprise IT environment, it is important for software engineers, security, and DevOps professionals to ...
Read More »
Stuart Berman - PeerSpot reviewer
Stuart BermanI agree with many of these observations.  A trend I noticed as a security… more »
Evgeny Belenky - PeerSpot reviewer
Evgeny Belenky
PeerSpot (formerly IT Central Station)
Hi dear community members, Here we go again with a new bi-weekly Community Spotlight where we share with you recent contributions: articles, questions and discussions. Check them out below! Trending Cybersecurity Trends To Look Out For in 2022 Top 5 Network Access Control (NAC) Softw...
Read More »
Ravi Suvvari - PeerSpot reviewer
Ravi Suvvarivery good and valuable information
1 Comment
Netanya Carmi - PeerSpot reviewer
Netanya Carmi
Content Manager at PeerSpot (formerly IT Central Station)
PeerSpot’s crowdsourced user review platform helps technology decision-makers around the world to better connect with peers and other independent experts who provide advice without vendor bias. Our users have ranked these solutions according to their valuable features, and discuss which features...
Read More »

Network Detection and Response (NDR) Topics

Why is Network Detection and Response important?

The constant increase in volume and complexity of attacks makes it difficult for legacy security tools to keep pace. Detecting known indicators of compromise (IoC) or attack patterns is not enough when cyber criminals seem to always be a step ahead. Organizations need to detect an advanced attack before it becomes a breach.

The enormous volume of data created and traveling across networks provides an ideal hideaway for attackers, whose activities are able to blend in with normal traffic patterns. Thus, attackers can dwell in the network for weeks or months, stealing data in small batches so they aren’t noticed.

Current attack tactics require a solution that can constantly monitor the network to detect abnormal behavior and stop intruders quickly. That’s where network detection and response (NDR) comes in.

Network security typically uses an array of tools for monitoring and intercepting malicious traffic. However, effective network security needs in-depth visibility into the network so they can respond quickly. Network detection and response tools give security teams real-time awareness of network data for quick and meaningful analysis.

NDRs are often integrated as part of broader security solutions, like security information and event management (SIEM) and endpoint detection and response (EDR). Both SIEM and NDR solutions use log analysis to produce high-relevance contextual alerts as part of a whole security solution. This integration gives a comprehensive approach to the attack surface.

What are the key aspects of an NDR solution?

There are several types of Network Detection and Response solutions, and each one is unique. Still, there are key aspects common to all of them. Here is a short list:

  • Machine learning technology analyzes large sets of data to detect threats and make accurate predictions. NDR solutions use machine learning models to detect uncommon patterns; for instance, an unused port suddenly in use, or suspicious activity. By using behavioral analytics, machine learning algorithms can detect a potential threat and prioritize it before sending an alert.
  • Heuristics analyzes the data, looking for suspicious properties. Using heuristics in NDR solutions helps detect unknown threats by identifying abnormal characteristics.
  • Threat intelligence feeds are data streams that provide information on known cyber threats. This information can come from public security repositories or threat lists, or may have been previously identified by the security team. Threat intelligence provides context to NDR solutions so the system can prioritize the alerts by level of risk.
  • Statistical analysis can range from simple URL analysis to analysis of network traffic patterns. Statistical analysis helps determine a baseline of normal behavior the system can use to detect anomalies.
How does NDR enhance your security?

Network detection and response (NDR) solutions enable users to quickly receive threat visibility across an environment. NDR solutions complement other security tools like SIEM (security information and event management) and endpoint detection and response (EDR). Using these technologies together enables the creation of an entire span of visibility.

Network detection and response solutions improve every stage of the threat detection and response process:

  • Detection - NDR solutions collect data across the network and environments, using machine learning analytics to detect threats. Effective NDR solutions incorporate different modeling and deep inspection techniques against both known indicators of compromise (IoC) and unusual behavior.
  • Investigation - NDR gives real-time analytics, which help allow for quick response to threats. It provides contextual intelligence for threat analysis, including supporting legal action by producing information for audits and compliance reports.
  • Response - Since NDR gives information in real-time, security teams can respond more quickly to potential threats. Additionally, effective NDR solutions automate security workflows, improving the security team response. The system prioritizes alerts and automates responses to some threats. Therefore, security teams can focus on the highest-level alerts.
What to Look for in an NDR Solution

Network detection and response (NDR) solutions can be managed, operated or automated.

  • Managed: Managed NDR solutions (or NDR-as-a-Service) combine threat detection techniques with analyses that investigate and respond according to predefined playbooks.
  • Operated: This model offers the technology solution as a package while the company keeps activity logs and provides a security team to respond and recover when necessary.
  • Automated: In this option, the solution is fully automated, without human intervention.

How can you choose the right NDR solution for your company? There are three key parameters you should look when browsing for an NDR solution:

  1. False positives: look at the rate of false positives and false negatives of the system. A high rate of false positives can disrupt network operation. On the other hand, if the system has false negatives, this can lead to attacks passing through.
  2. Machine learning and AI: Check that the system is not entirely dependent on rules. This will give your company more flexibility to adapt to new network conditions.
  3. Does the system enable action? Solutions must enable quick and automated responses. In addition, the system must enable historical recording of network activity, by doing snapshots or logging and log analysis.

Buyer's Guide
Network Detection and Response (NDR)
January 2023
Find out what your peers are saying about Darktrace, Cynet, Vectra AI and others in Network Detection and Response (NDR). Updated: January 2023.
670,400 professionals have used our research since 2012.